From: domg472@gmail.com (Dominick Grift)
Date: Mon,  4 Oct 2010 20:23:28 +0200
Subject: [refpolicy] [ patch 16/44] netutils: nmap is optional.
In-Reply-To: <1286216636-28449-1-git-send-email-domg472@gmail.com>
References: <1286216636-28449-1-git-send-email-domg472@gmail.com>
Message-ID: <1286216636-28449-18-git-send-email-domg472@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com


Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 de06947... a4323c6... M	policy/modules/admin/netutils.te
 policy/modules/admin/netutils.te |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index de06947..a4323c6 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -206,7 +206,9 @@ miscfiles_read_localization(traceroute_t)
 
 userdom_use_user_terminals(traceroute_t)
 
-#rules needed for nmap
-dev_read_rand(traceroute_t)
-dev_read_urand(traceroute_t)
-files_read_usr_files(traceroute_t)
+optional_policy(`
+	#rules needed for nmap
+	dev_read_rand(traceroute_t)
+	dev_read_urand(traceroute_t)
+	files_read_usr_files(traceroute_t)
+')
-- 
1.7.2.3